Addemar Support Knowledge

Update on the OpenSSL Vulnerability: Heartbleed

In short:

An alarming bug in Internet Security was discovered a few days ago. It potentially has exposed millions of passwords, credit card numbers and other sensitive bits of information.

We've insured that all of our systems have been patched to remove it. We have no reason to believe that your data was compromised, however, to avoid any risk, we suggest you change your password of your account asap.

 

In more technical detail:

On April 7th 2014, a vulnerability was found in the popular OpenSSL open source library. It has affected most webservices on the internet.

This library is key for maintaining privacy/security between servers and clients, and confirming that Internet servers are who they say they are.

Our application uses the OpenSSL library as well !

Only the addemar.com url's use this. The Addemar clients that have their own domain were not compromised at any moment! There is no need for those domains to change the password.

 

What does it do?

This vulnerability, known as Heartbleed, affects the OpenSSL framework which is used by many web-based applications to privately send data to and from an internet server ( f.e login credentials to access an application ).

Additional information can be found on the Heartbleed Bug Site including a detailed FAQ.

 

How we fixed it !

We want to inform you that we have applied the necessary security patches that solve this issue to our systems and as recommended by the security advisory.

 

What can you do about this?

As of right now, we have no indication that the attack has been used against our application. That said, the nature of the attack makes it hard to detect so we're proceeding with a high level of caution.

Do you want to be extra cautious, you can take the following steps:

  • Reset/change your password inside our application. How to do this is described here
  • Create a new web service user to connect to our API.  Need help, click here ! Please take up contact with your IT department to check the related impact !

 

Please feel free to contact us at support@addemar.com with any questions regarding this issue !